Security Resolutions for 2014

The holidays are nearly over and many of us are starting to think of resolutions as we start a new year.  You may be contemplating diets, kicking a habit, getting a gym membership or excise equipment at home, but at the office, think about ways to improve your security in 2014.  Here are some suggestions to contemplate.  These are probably already problems or projects you have been thinking about and maybe you already have them solved or planned out to solve this next year.  If you haven’t, keep in mind all of these are possible with Shavlik Protect.

Increase patching frequency for your end user machines:

  • Microsoft may only release patches once a month, but the 3rd party apps on your systems are updated throughout the rest of the month.  Products from vendors like Adobe, Java, Google, Apple, Mozilla, and others are a prime target for hackers as many companies neglect to update them.  Our Content Team releases new data multiple times each week which includes security updates for these products.
  • Talk to vendors who are holding you on a vulnerable version of software due to a dependency on their application.  A good example of this is Java Runtime.  If you have software dependent on an older version of Java this is a risk to your environment.  I can’t tell you how many companies I talk to that have a dependency on a version of Java 6 due to a software vendor who has a dependency on a specific version of Java.  There are known exploits and off the shelf software to take advantage of them making this an easy target for hackers.
  • Check for End of Life software on your systems.  Shavlik shows software titles that have reached EOL with their vendor.  Any titles that are no longer supported become a risk to your environment and should be updated or removed if possible.

Secure your virtual infrastructure: 

  • Securing the Guest OS is all fine and good, but if you do not patch the infrastructure it is running on you are still putting the most secure VM at risk.  With Protect you can patch Citrix, Hyperv-V, and VMware ESXi (Protect 9.0+) infrastructures.
  • Update VMware Tools.  VMware Tools are required for a lot of functionality on VMware VMs.  They are also a security risk.  Ensure you are updating the Tools version on your VMs.  Keep in mind if you do not update the Hypervisor tools version then the status for VMware Tools being up to date is not accurate.  You should ensure you have the latest tools updates applied to your Hypervisors.  There can be a delay and possibly a VM reboot before the Tools version shows out of date after you update the tools version of your Hypervisor.  Protect will detect and push the latest version of tools to systems which may be newer than the version your Hypervisor is evaluating against.

Extend your coverage outside your environment: 

  • Laptops that move in and out of your network regularly can be a risk to your environment.  It is important to ensure these systems are updated more frequently.  They move beyond your corporate perimeter security measures and often reside on public networks exposing them to greater risk.  With Protect 9.0 you can now enroll your console in the ProtectCloud.  This enables agents on your laptops to keep up to date even outside your network.  Policy updates and results are exchanged through the ProtectCloud so you are still able to see machines being updated and ensure they take policy changes you apply.